Rafał Miłecki [Thu, 11 Oct 2018 08:01:45 +0000 (10:01 +0200)]
bcm53xx: replace SPI revert with a fix sent upstream
Instead of reverting whole commit it's enough to just revert a single
line change. It seems the real problem with the regressing commit was a
bump of read chunk size. Switching back to 256 B chunks is enough to fix
the problem/regression.
Felix Fietkau [Tue, 9 Oct 2018 11:22:46 +0000 (13:22 +0200)]
kernel: enable memory compaction
Compaction is the only memory management component to form high order (larger
physically contiguous) memory blocks reliably. The page allocator relies on
compaction heavily and the lack of the feature can lead to unexpected OOM
killer invocations for high order memory requests. You shouldn't disable this
option unless there really is a strong reason for it.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
Felix Fietkau [Thu, 25 Jan 2018 13:01:34 +0000 (14:01 +0100)]
kernel: support gcc-optimized inlining on all architectures
Optimized inlining was disabled by default when gcc 4 was still
relatively new. By now, all gcc versions handle this well and there
seems to be no real reason to keep it x86-only.
dnsmasq: add dhcp-ignore-names support - CERT VU#598349
dnsmasq v2.80test8 adds the ability to ignore dhcp client's requests for
specific hostnames. Clients claiming certain hostnames and thus
claiming DNS namespace represent a potential security risk. e.g. a
malicious host could claim 'wpad' for itself and redirect other web
client requests to it for nefarious purpose. See CERT VU#598349 for more
details.
Some Samsung TVs are claiming the hostname 'localhost', it is believed
not (yet) for nefarious purposes.
/usr/share/dnsmasq/dhcpbogushostname.conf contains a list of hostnames
in correct syntax to be excluded. e.g.
dhcp-name-match=set:dhcp_bogus_hostname,localhost
Inclusion of this file is controlled by uci option dhcpbogushostname
which is enabled by default.
To be absolutely clear, DHCP leases to these requesting hosts are still
permitted, but they do NOT get to claim ownership of the hostname
itself and hence put into DNS for other hosts to be confused/manipulated by.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
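Added example (not part of the commit and not OpenWrt or dnsmasq code): a small checker that reads dnsmasq configuration text and reports whether a client-supplied hostname would be kept out of DNS by the dhcp-name-match / dhcp-ignore-names pair described above. The sample configuration is constructed; only the 'localhost' line appears in the commit message, and the simplified matching (case-insensitive, first label only, one trailing `*`, no negated tags) is an assumption.

```python
# Constructed sample, not the shipped dhcpbogushostname.conf. Only the
# 'localhost' line is quoted in the commit message; the rest is assumed.
SAMPLE_CONF = """\
dhcp-name-match=set:dhcp_bogus_hostname,localhost
dhcp-name-match=set:dhcp_bogus_hostname,wpad   # name from CERT VU#598349
dhcp-ignore-names=tag:dhcp_bogus_hostname
"""


def parse_conf(text):
    """Return (matches, ignore_rules) from dnsmasq config text.

    matches      -> list of (tag, lowercase name pattern)
    ignore_rules -> list of tag sets; an empty set ignores every client name
    """
    matches, ignore_rules = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        key = key.strip()
        if key == "dhcp-name-match":
            tag, _, name = value.partition(",")
            if tag.strip().startswith("set:") and name.strip():
                matches.append((tag.strip()[4:], name.strip().lower()))
        elif key == "dhcp-ignore-names":
            parts = [p.strip() for p in value.split(",")]
            ignore_rules.append({p[4:] for p in parts if p.startswith("tag:")})
    return matches, ignore_rules


def name_matches(pattern, client_hostname):
    """Compare the bare hostname (not the FQDN) against one pattern."""
    host = client_hostname.split(".", 1)[0].lower()
    if pattern.endswith("*"):            # single trailing wildcard
        return host.startswith(pattern[:-1])
    return host == pattern


def claim_ignored(conf_text, client_hostname):
    """True if the client still gets a lease but its name claim is dropped."""
    matches, ignore_rules = parse_conf(conf_text)
    tags = {tag for tag, pat in matches if name_matches(pat, client_hostname)}
    # A rule applies when all of its tags are set for this client.
    return any(rule <= tags for rule in ignore_rules)
```

A dhcp-name-match line without a matching dhcp-ignore-names line only sets a tag, so the checker reports such a configuration as not protecting the name.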
64750c1 version: bump snapshot
f11a2b8 global: style nits
4b34b6a crypto: clean up remaining .h->.c
06d9fc8 allowedips: document additional nobs
c32b5f9 makefile: do more generic wildcard so as to avoid rename issues
20f48d8 crypto: use BIT(i) & bitmap instead of (bitmap >> i) & 1
b6e09f6 crypto: disable broken implementations in selftests
fd50f77 compat: clang cannot handle __builtin_constant_p
bddaca7 compat: make asm/simd.h conditional on its existence
b4ba33e compat: account for ancient ARM assembler
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Hauke Mehrtens [Tue, 2 Oct 2018 20:43:58 +0000 (22:43 +0200)]
image: ignore usign build errors
The tl-wa850re-v2 images from the ar71xx/tiny target are getting too big
with the default packages. The size check is done before the meta data
is added so there is no file to add meta data to or to sign. Originally
errors in Build/append-metadata were getting ignored, but if the signing
fails the error is not ignored.
This adds a check if the file to be signed is there and only does the
signing if it is there. This way it does not fail if the package
creation was already aborted earlier.
Fixes: 848b455d2e94 ("image: use ucert to append signature")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hans Dedecker [Sun, 7 Oct 2018 18:37:47 +0000 (20:37 +0200)]
busybox: fix IPv6 dependency
Commit 9f0cb135dd made BUSYBOX_CONFIG_FEATURE_IPV6 dependent on IPV6 but
did not make its default value BUSYBOX_DEFAULT_FEATURE_IPV6 dependent
on IPV6. BUSYBOX_DEFAULT_FEATURE_IPV6 will have as default value y if
IPV6 is enabled otherwise n.
e1791f3 Fix logging of DNSSEC queries in TCP mode. Destination server address was misleading.
0fdf3c1 Fix dhcp-match-name to match hostname, not complete FQDN.
ee1df06 Tweak strategy for confirming SLAAC addresses.
1e87eba Clarify manpage for --auth-sec-servers
0893347 Make interface spec optional in --auth-server.
7cbf497 Example config file fix for CERT Vulnerability VU#598349.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Hans Dedecker [Sun, 7 Oct 2018 15:35:06 +0000 (17:35 +0200)]
nghttp2: bump to 1.34.0
2b085815 (tag: v1.34.0) Update manual pages
986fa302 Bump up version number to 1.34.0, LT revision to 31:1:17
7c8cb3a0 nghttpx: Improve CONNECT response status handling
334c439c Fix bug that regular CONNECT does not work
6700626c Rule out content-length in the successful response to CONNECT
15162add Update manual pages
93270777 Merge pull request #1235 from nghttp2/backend-conn-timeout
aeb92bbb nghttpx: Add read/write-timeout parameters to backend option
fc7489e0 nghttpx: Fix mruby parameter validation
87ac872f nghttpx: Update doc
c278adde nghttpx: Log error when mruby file cannot be opened
f94d7209 Merge pull request #1234 from nghttp2/nghttpx-rfc8441
9b9baa6b Update doc
02566ee3 nghttpx: Update doc
3002f31b src: Add debug output for SETTINGS_ENABLE_CONNECT_PROTOCOL
d2a594a7 nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2
651e1477 Allow client sending :protocol optimistically
a42faf1c nghttpx: Write TLS alert during handshake
4aac05e1 Merge pull request #1231 from nghttp2/ws-lib-only
b80dfaa8 Adjustment for RFC 8441
a19d8f5d Deal with :protocol pseudo header
33f6e90a Add NGHTTP2_TOKEN__PROTOCOL
ed7fabcb Add SETTINGS_ENABLE_CONNECT_PROTOCOL
8753b6da Update doc
f2de733b Update neverbleed to fix OpenSSL 1.1.1 issues
88ff8c69 Update mruby 1.4.1
a63558a1 nghttpx: Call OCSP_response_get1_basic only when OCSP status is successful
3575a132 nghttpx: Fix crash with plain text HTTP
e2de2fee Update bash_completion
9f415979 Update manual pages
4bfc0cd1 Merge pull request #1230 from nghttp2/nghttpx-faster-logging
9c824b87 nghttpx: Get rid of std::stringstream from Log
a1ea1696 Make VALID_HD_NAME_CHARS and VALID_HD_VALUE_CHARS const qualified
dfc0f248 Make static_table const qualified
ed7c9db2 nghttpx: Add mruby env.tls_handshake_finished
5b42815a nghttpx: Strip incoming Early-Data header field by default
cfe7fa9a nghttpx: Add --tls13-ciphers and --tls-client-ciphers options
cb8a9d58 src: Remove TLSv1.3 ciphers from DEFAULT_CIPHER_LIST
023b9448 Merge branch 'tls13-early-data'
9b03c64f nghttpx: Should postpone early data by default
b8eccec6 nghttpx: Disable OpenSSL anti-replay
9f212587 Specify SSL_CTX_set_max_early_data and add an option to change max value
47f60124 nghttpx: Add an option to postpone early data processing
770e44de Implement draft-ietf-httpbis-replay-02
2ab319c1 Don't hide error code from openssl
39923024 Remove SSL_ERROR_WANT_WRITE handling
b30f312a Honor SSL_read semantics
c5cdb78a nghttpx: Add TLSv1.3 0-RTT early data support
f79a5812 Bump up version number to 1.34.0
Rafał Miłecki [Sun, 7 Oct 2018 12:17:50 +0000 (14:17 +0200)]
iperf: fix --daemon option
Support for -D got broken in the 2.0.11 release by the upstream commit 218d8c667944 ("first pass L2 mode w/UDP checks, v4 only"). After that
commit clients were still able to connect but no traffic was passed.
It was reported and is fixed now in the upstream git repository.
Backport two patches to fix this. The first one is just a requirement
for the latter to apply. The second one is the real fix and it needed
only a small adjustment to apply without backporting the commit 10887b59c7e7 ("fix --txstart-time report messages").
Fixes: 457e6d5a27be ("iperf: bump to 2.0.12")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
INAGAKI Hiroshi [Tue, 2 Oct 2018 13:28:45 +0000 (22:28 +0900)]
ath79: add support for Buffalo WZR-HP-G302H A1A0
Buffalo WZR-HP-G302H is a 2T2R 2.4 GHz 11n router, based on Atheros
AR7242.
It is the Japanese market model of WZR-HP-G300NH2, but there are some
differences. This commit is based on WZR-HP-G300NH2 in ar71xx.
And, G302H has several hardware versions and hardware is different
dependent on the versions. This commit adds support for "A1A0"
version.
1. Boot WZR-HP-G302H normally and connect the computer to its LAN port
2. Access to "http://192.168.11.1/" and move to firmware update page
("ファーム更新")
3. Select the OpenWrt factory image and click update ("更新実行")
button to perform firmware update
4. Wait ~200 seconds to complete flashing
Sven Eckelmann [Mon, 1 Oct 2018 10:27:25 +0000 (12:27 +0200)]
ar71xx: Use sysupgrade's RAMFS_COPY_* for fw_(set|print)env
The install_bin from /lib/upgrade/common.sh is no longer creating the
symlinks when a secondary parameter is added. But the fw_setenv program was
always copied this way to the ramdisk for the upgrade.
Instead, this should be done using RAMFS_COPY_* like on all other
platforms.
Fixes: 438dcbfe74a6 ("base-files: automatically handle paths and symlinks for RAMFS_COPY_BIN")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Mathias Kresin [Sun, 7 Oct 2018 13:33:35 +0000 (15:33 +0200)]
ath79: fix build warning
The image build code for the Ubiquiti Nanostation AC series adds the
factory image as an image to be built. The same is already done by an
included recipe which results in an expanded IMAGE variable of:
IMAGES = sysupgrade.bin factory.bin factory.bin
The build system doesn't like these duplicates and issues the following
warning:
Makefile:82: warning: overriding recipe for target...
Remove the duplicate factory image to get rid of the warning.
Fixes: 5736af8024be ("ath79: Add support for Ubiquiti NanoStation AC loco") fa3c2676ab0c ("ath79: Add support for Ubiquiti Nanostation AC")
Mathias Kresin [Wed, 29 Aug 2018 06:58:33 +0000 (08:58 +0200)]
ramips: don't hijack the status led
Don't hijack the status led to indicate the wireless state. If we don't
have a dedicated wireless led, it's as simple as the wireless status
can't be indicated.
Such a led misuse should be set by the user and not shipped by default.
1. Connect to serial header on device
2. Power on device and enter uboot console
3. Set up tftp server serving an openwrt initramfs build
4. Load initramfs build using the command tftpboot in the uboot cli
5. Boot the loaded image using the command bootm
6. Copy squashfs openwrt sysupgrade build to the booted device
7. Use mtd to write sysupgrade to partition "firmware"
8. Reboot and enjoy
Tobias Schramm [Tue, 23 Jan 2018 10:36:41 +0000 (11:36 +0100)]
ath79: Add support for Ubiquiti NanoStation AC loco
Atheros AR9342, 16 MB flash, 64 MB RAM
Successor to the old NanoStation M5 loco with AC wireless.
Includes a mac80211 patch for ath10k_pci because Ubiquiti uses a Ubiquiti
branded and customized QCA988X with vendor id 0777 and device id 11ac for
AC wireless.
Installation
1. Connect to serial header on device (8N1 115200)
2. Power on device and enter uboot console
3. Set up tftp server serving an openwrt initramfs build
4. Load initramfs build using the command tftpboot in the uboot cli
5. Boot the loaded image using the command bootm
6. Copy squashfs openwrt sysupgrade build to the booted device
7. Use mtd to write sysupgrade to partition "firmware"
8. Reboot and enjoy
Tobias Schramm [Wed, 24 Jan 2018 00:38:14 +0000 (01:38 +0100)]
mkfwimage: Add image type definition for WA images
This patch adds a new type of ubiquiti image, the WA image. First seen
on the NanoStation AC loco the generic name implies that we will see
this type of image on more ubiquiti devices thus it makes sense to
implement it in mkfwimage.
The main difference is that WA images are signed. The "END" header has
been replaced by an "ENDS" header followed by a 2048 bit RSA signature.
This signature is not being generated by mkfwimage and is filled with 0x00.
Thomas Nixon [Tue, 4 Sep 2018 20:54:58 +0000 (21:54 +0100)]
uboot-lantiq: fix compile with modern host dtc
In dtc version 1.4.6 the macro names in header include guards changed,
but the build relies on them matching in order to replace selected
headers. This is a horrible hack to work around this.
Hans Dedecker [Sat, 6 Oct 2018 19:23:53 +0000 (21:23 +0200)]
ubus: update to latest git HEAD
221ce7e ubusd_acl: event send access list support
da503db ubusd_acl: event listen access list support
c035bab ubusd_acl: rework wildcard support
73bd847 ubusd_event: move strmatch_len to ubus_common.h
0327a91 ubus/lua: add support for BLOBMSG_TYPE_DOUBLE
* Account for big-endian 2^26 conversion in Poly1305.
* Account for big-endian NEON in Curve25519.
* Fix macros in big-endian AArch64 code so that this will actually run there
at all.
* Prefer if (IS_ENABLED(...)) over ifdef mazes when possible.
* Call simd_relax() within any preempt-disabling glue code every once in a
while so as not to increase latency if folks pass in super long buffers.
* Prefer compiler-defined architecture macros in assembly code, which puts us
in closer alignment with upstream CRYPTOGAMS code, and is cleaner.
* Non-static symbols are prefixed with wg_ to avoid polluting the global
namespace.
* Return a bool from simd_relax() indicating whether or not we were
rescheduled.
* Reflect the proper simd conditions on arm.
* Do not reorder lines in Kbuild files for the simd asm-generic addition,
since we don't want to cause merge conflicts.
* WARN() if the selftests fail in Zinc, since if this is an initcall, it won't
block module loading, so we want to be loud.
* Document some interdependencies beside include statements.
* Add missing static statement to fpu init functions.
* Use union in chacha to access state words as a flat matrix, instead of
casting a struct to a u8 and hoping all goes well. Then, by passing around
that array as a struct for as long as possible, we can update counter[0]
instead of state[12] in the generic blocks, which makes it clearer what's
happening.
* Remove __aligned(32) for chacha20_ctx since we no longer use vmovdqa on x86,
and the other implementations do not require that kind of alignment either.
* Submit patch to ARM tree for adjusting RiscPC's cflags to be -march=armv3 so
that we can build code that uses umull.
* Allow CONFIG_ARM[64] to imply [!]CONFIG_64BIT, and use zinc arch config
variables consistently throughout.
* Document rationale for the 2^26->2^64/32 conversion in code comments.
* Convert all of remaining BUG_ON to WARN_ON.
* Replace `bxeq lr` with `reteq lr` in ARM assembler to be compatible with old
ISAs via the macro in <asm/assembler.h>.
* Do not allow WireGuard to be a built-in if IPv6 is a module.
* Writeback the base register and reorder multiplications in the NEON x25519
implementation.
* Try all combinations of different implementations in selftests, so that
potential bugs are more immediately unearthed.
* Self tests and SIMD glue code work with #include, which lets the compiler
optimize these. Previously these files were .h, because they were included,
but a simple grep of the kernel tree shows 259 other files that carry out
this same pattern. Only they prefer to instead name the files with a .c
instead of a .h, so we now follow the convention.
* Support many more platforms in QEMU, especially big endian ones.
* Kernels < 3.17 don't have read_cpuid_part, so fix building there.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Koen Vandeputte [Thu, 4 Oct 2018 13:12:27 +0000 (15:12 +0200)]
ar71xx: fix pci irq init on kernel 4.14
The IRQ init structs are marked as __initconst which
means this memory can be freed after init.
On this platform, the PCI IRQ init happens very late _after_ the
kernel already freed the memory allocated for these structs.
During IRQ allocation, the allocation function is passed
with invalid data at this point leading to the following error:
[ 0.000000] SoC: Qualcomm Atheros QCA9533 ver 2 rev 0
[ 2.382828] Freeing unused kernel memory: 264K
[ 34.414816] pci 0000:00:00.0: no irq found for pin 1
and
[ 0.000000] SoC: Qualcomm Atheros QCA956X ver 1 rev 0
[ 2.125401] Freeing unused kernel memory: 284K
[ 9.526479] pci 0000:00:00.0: no irq found for pin 1
After this patch:
[ 14.960814] pci 0000:00:00.0: using irq 40 for pin 1
Commit 318e19ba6755 ("ar71xx: add v4.14 support") fixed this for the
default targets already present in the source by default but forgot
to remove the __initconst attribute for targets QCA953x and QCA956x
which are only added later through platform patches.
CONFIG_SUN4I_A10_CCU controls both the A10 and the A20 enabling of the
CCU (LCCF) driver, this will be necessary once we move beyond kernel
4.14 because 4.15 has commit f18698e1c66338b902de386e4ad97b8b1b9d999d
("ARM: dts: sun7i: Convert to CCU") which requires this driver.
Fixes: ad2b3bf310f7 ("sunxi: Add support for kernel 4.14")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Kernels 4.14.73 & 4.9.140 include the gso fixup fix, so cake
doesn't need to do it. Let's not waste cpu cycles by doing it in
cake which could be really important on cpu constrained devices.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>